Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities
Informations
Name cisco-sa-20180919-webex First vendor Publication 2018-09-19
Vendor Cisco Last vendor Modification 2018-09-19
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerabilities are due to improper validation of Webex recording files. An attacker could exploit this vulnerability by sending a user a link or email attachment containing a malicious file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could allow the attacker to execute arbitrary code on an affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex"]

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJbonRJXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczleUP/A405ALuo6duQP4d3psY8986GvpA nbJUfTwwKz3Mk925UjmaGiQfjGBCUIMZEL2j4bo/ioqzOxy919yMEXflaOkCa7ye nyrl11my5Nd0nAsyxtRb2GzIQ6q8+dL45V8NY68pZFMFVJIEes458prtnLE8H42J vMDE6Yh62EI44woYr/T/Oo93t+BvgFecPauLp3Gg7qbAtXDj1U1AKjY1B8QjaYp6 V+3Tw//kn02rOqzkNWVWggbP0GLUBBPnSHPTHWvpwI8YxC5xHnpphejux9+sN7Ss vqdzkbY4Ac14Kkl1L7jV+Sr7RGA9ai7XWPfK9ku37SA7hs5BMf7681hjg8c4MZ8w VxIOLhGoMlu+MHV0pIy33ilA++K7ukX+MADx4PbtLIeMmlAdKWbtI8+K2x2wjTQA fgIwaZ9yPVTnG5Hn1Ry0/NNsUF8SvRdXvjX1Q4lREKKbLKn7Mk6Tt0B3voOoh0k2 12n4cH1JKqFN7rHYJvwuVDaOeWttYMMGnu/aOaHh/0rNZXtBlPOoZYpksTJj10FZ 6Sm/1xMp2jP8QL5U6qvQ0rIHXjIUU2dtld0XbQcRWw9FxRJNLDqogRWACn+Jo4tq eeU3mVSFHxLMfcMrmgC4YrIP9vwFjNpDLlqEb0zjRkHEODOqH8C4EnDD2NFNYHIT lMc19egRoYOxwUy5 =Ukq3 END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
33 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 4
Application 23
Application 18

Snort® IPS/IDS

Date Description
2020-12-05 Cisco WebEx Network Recording Player stack buffer overflow attempt
RuleID : 47879 - Revision : 1 - Type : FILE-OTHER
2020-12-05 Cisco WebEx Network Recording Player stack buffer overflow attempt
RuleID : 47878 - Revision : 1 - Type : FILE-OTHER

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2020-12-05 21:23:46
  • Multiple Updates
2018-11-22 00:22:27
  • Multiple Updates
2018-10-05 21:21:50
  • Multiple Updates
2018-09-19 21:18:56
  • First insertion